美团登录分析

本次只做研究使用,无其他商业目的

分析post:

POST https://passport.meituan.com/account/unitivelogin?risk_partner=0&uuid=35cedefa1dbc478d95a2.1551675031.1.0.0&service=www&continue=https%3A%2F%2Fwww.meituan.com%2Faccount%2Fsettoken%3Fcontinue%3Dhttps%253A%252F%252Fwww.meituan.com%252F HTTP/1.1
Host: passport.meituan.com
Connection: keep-alive
Content-Length: 8841
Origin: https://passport.meituan.com
X-CSRF-Token: Xc5Oawvz-I-noYSSrceOHWQDlPITmDU0nf4M
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3720.5 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
X-Requested-With: XMLHttpRequest
X-Client: javascript
Referer: https://passport.meituan.com/account/unitivelogin?service=www&continue=https%3A%2F%2Fwww.meituan.com%2Faccount%2Fsettoken%3Fcontinue%3Dhttps%253A%252F%252Fwww.meituan.com%252F
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: __mta=42704410.1548811449484.1548896543107.1551675010318.3; uuid=35cedefa1dbc478d95a2.1548897797.1.0.0; _lx_utm=utm_source%3DBaidu%26utm_medium%3Dorganic; _lxsdk_cuid=169470994abc8-0640a2fa8abf75-75492641-100200-169470994abc8; ci=57; _lxsdk_s=169470994ac-a46-d1b-05a%7C%7C2; SERV=www; LREF=aHR0cHM6Ly93d3cubWVpdHVhbi5jb20vYWNjb3VudC9zZXR0b2tlbj9jb250aW51ZT1odHRwcyUzQSUyRiUyRnd3dy5tZWl0dWFuLmNvbSUyRg%3D%3D; passport.sid=OmoUC4vfp_8W9etn5UdtcUp9DFXhH2Uj; passport.sid.sig=oHXP1TvKYtldga1x0x0RHOAaVe4; mtcdn=K

email=xxxxxx&password=U2FsdGVkX1%2BQhkSopFnQCgqryz3ZiEE%2Fr94KT0rYfRc%3D&captcha=hbyn&origin=account-login&fingerprint=1-30-1-21q%7C17a%7C2q0%7C10w%7C20%7C19c%7Cwg%7C1k%7C1ts%7C9%7C1n58%7Cio%7Co27%7C19c%7Cpb%7Cnk%7Cswi%7Ckg%7Cq8%7Clk%7C2zuv%7Cdc%7C13k%7C9s%7C1omo%7Ci8%7C4jc%7Cc7%7C11c%7C6h%7Ci8%7Chb%7C94pl%7Cb4%7Cm0%7Cps%7C158p%7C94%7C7k%7Cd4&csrf=Xc5Oawvz-I-noYSSrceOHWQDlPITmDU0nf4M&_token=eJylWgmv2siW%2FivoSj16T5DgfUmrNbLNbhaDjVnePI0K29gGb3gFOv3f55QN3NvdeUqUSXKpqs9Vp85%2Bjsn9%2Fa100rcvb%2BRn4jP31nnLs7cvJMuSHM8ShMDwdOfNesc4ghQIlum8HVKz9%2FblXyTNcR2O5f%2BNkRUADcJzwr87jykFU4qBf3jPGLa8eXmeZF%2B63QRlWRKn%2BefQ8fMCRZ%2BtOOwiy4qLKO8WkZ%2F7pRPErh%2F9d%2BakpW85v1VV9V9WHOV%2BVDi%2F1WR%2BoaVfqAH8g0cf6QDyoASzzMnz%2BOxEv9CD5%2Blf6F5znmIxBRbTYL9BBTBQypPjvzzuvoFMoYFl4jmxw5BcR%2BBFniTgCKjgCXC88ALYBmh28AAwNcAyNcABQNUAw9UACwBZA3RDg%2BkwhNgADQ0aAKEGKKoGKACaa8mGKAlAcy3RECUAoDHAisILIBugJsqKHVqsb2GFmijLA8DXAF8TZVkAaqIsVxMFn6DFhihbE2VpABqibEOUAoCoAYZ6AkJzC90QJQGoZWGphijxAsiaKAOMCQ0fjZIZYEyopWWJmigDfAi1ThmxJkoLANR8MEJNlIZb%2BJoo09gFnJPmmyONXcBqNNfs4GqiBNzC1cIxtaE4UA7N1qwztaE4EIxmGxq1oTgBhGOJBsBEIZw6NFNzytSG4sD6NNMQrQ3FgaFopjlSG4pjgQ%2B65oOuDcVhndJcA9REsYLo%2Blq6NhSH9UHXROnaUBwD19K1%2BHRtKA4r6AHUhuIY6gUwDQ3yAfDs4wgGsFvyVK0gjiFeAEe9AHwtTz6IPhmDYHjfgR2G48S%2FAvQ7Ua4GiPdra6BxS47B4vM18JCWeQE8%2BxJfqIEH62AoWqyBhjHsY0%2BAeOm0ARrxsWvXZuAat%2BSw8z8AqrGL8ALACyEFnOsUMO%2BM59rawJoka9q7FyDwtRbkd6Cx6OgdIGsPXz4BioHrAWBfAM0TJADqC6BECgu9egfYegfzAGhIKyQPgPQCWIETAZi%2FAxSFj%2FzP4R0ham%2BcvQC4F3O2fQdIHnOmPwGBp2tGei%2BAA18GYPAECJAOM7J5ATzP4B39FwBOIH5QGU2AiTFgPgASvKKOX%2FoFsFQd4e87mMaj5RdANwnueQtJcXDqg%2FwkJP%2Ba9f0LgPD9yAdJUZB0sIYKgoBM3KBg39oBlecuhgL5wBFQ7QgUw9ep%2F%2BUOQp1owMK1yz9hSAk1LAp1Pn5akW2sSBLYU4kXTDTZisK5iAJGZsOOAEdprFcSpzDqRYIUSQGTqPmA%2FU%2FDgZNRNR%2F0Bz4gSVMiXe8W6wslnKYZiqh5gMvI106BFRisLQqyNtw4MmZTSHKUWFsO%2FLOuVU%2F7iUTtAyQJYU0JLxgSaM2awHYoqiEBZuSImi7P1LXraT7IBA2%2F1AcSJEc1uY6qyxb%2FMhTPNBdSEL%2FkazcYplanSEFtJagnDIHLPkof7Oj0xmaHhGSDBRGx4pmn0Axd8wAW7FDCU8M0qBCDIj794hdyHfaBHPsA9oUZdFWwy4%2BSAjdQ%2F%2Fq9mc5R6MATaB9CP4fnju3neo7S3LENP3RgGiavFkwQBAqq19vZuR1ilNr90olyOE18qv8%2Bjg%2F8yM%2B8%2F3AeLPRH5y93oyS3PPT9y1kSivQ3Lmc%2BkZ8oQSC%2BQrRQX1nQ3I9wQgnE3zj5MS1AhoYW5ptaIH9EC3CeZ39WC2B38psmwFqAkkB8FSFuvkJ4Mz%2BgBiwK83NqgNigoNf7aTXg8wL%2Fk2qAgiWI37QBB5dDiWa%2BsvBmIH6lWFH8youUUH%2F8EFPE35n6IYVAJWKgSfrp6IDzLP2zfkFD3qT4%2F%2BgXDA%2BBQUI5%2FQrt3ff9ohbl76z8kBpISGOQvH9aDXAeXtV%2BUg2QX3n%2BmzbAagAPECAyeF74%2Bmhiv8sKwQg%2FqQYo%2F1CWfl4N0C78vBpoguC%2FaYPGG1iee%2BgBKk9dhr%2FLDLR8P6cIgoJXj%2F%2BQJ35EEfg8L%2F71bidEfvD9q6E1%2BqYaBKwGsC9ogYQfCn6Ix5z8ynxfIY1QP2kdAswjfjNWcfJioF9lIEwJSGEQto2rfoXe4kdUBfL%2BpL8S0LP8f7IXnBeYv9V2%2FKVKFaf2928nGf6bKiEpnNAZ4d083%2Fn5EU5B0p9zKOiDvx1X5A%2FVvEbMP%2FB3T0Wex1HWNGeHNNZwq654aRw6La03aGlB4foR7urfMdN3KifFbwwIfxnVUgIfXw8EEt13IyzE5DY1o%2BlCnaWaYa7H1mhgKDM3MazubC1O5IFbTg2F1KZLVW3rm81%2BggL1dIr26iEM9NNAciX9flXXcId17gPBm5PB%2FDiFqZT6KOjUny05QNb5MZ%2BjNI2rx2Id%2BVZsO62Z3pHj%2BNySoty%2FFKhehChqLQK7pee3wOkoKPAPqQ9jCAN6jq0Zyr2OAnIV6e05toZx7vnWa6lbXhwHB6DZUeLQt1o6ijJ8pwIqjQOUwaRIfSd9jq25U3WGTpy6cNPICUon9y3UGYcJsvLOtLB8G7Xk1He91wr4C3w3RYl3e0E1dee5HKDrczpCkV2lfu5H7hPCLH2ct4xb4uA9wNVH%2BKGxzsy30jiLj3kD607qHzuzOIpzOAdXp5lfos5Mf%2BoCZtr7dOUcndSJLOdPp%2FW%2FruqJhgLwnyhuTf2Gekd33BhcLPWj%2FDHXrdRPnov1%2BDWBM1hHr6XuhP4hDuwPyC0EoGMgLw5RB4dA1nxiG7RWAEYdI3UOheU5ObaZ6aQ2ilBnA8qz4Sd7n7WoD3O6I7kg4a01kDuSh9I48jtS4IJIQFGKbBQUGYxuBsRqez%2Fma03pSAlK0cnPEbgpOoDDYGPg72GxwWSUnfE3ukHg1P45QJYDYI7qZ3hQPAwUHiqylkh3ZCcIWjMDxjTwo0bHwBQsI8gJ8AR7iu1EmWN36khBtg0%2BODYUiAMb%2BK4PP2ePYHpffzgMHg6JJDg%2BtNriO3KK7MC51R7XUExjZFfohicV9tlG%2BNcKiy%2BnReY9bIrvxrF3jNMINIcZx8ssj5snoMgUR2OWg5QorWMOFTB6WEE4ooI4Ag3jzRAPoJ4cR28cJyBiI4oSJ7BIwMucV%2BT%2BDXp4Ejj2wQnwYD84b6aYbaVIgzu%2BqIeKSHMiDyalb3d6AxX5n3S508MsRc3mXnxWPMi1CGZ5ETaf2HB9SCvgiX1QEiYcPfWAldcPnMQDCTr9CEK9dNIMX9cvcCg2ZPtF4oGPo84A%2FECPwSUGTuBfW4afB9h5BnEME5AEW64RaRBD8egMUhSdV4XjBTB1nAe5eorz3zPCBjhqP9pmiIBfyGEwKaB2%2BJ2h7%2BIPcLkmyxl%2FWnzwliEUHTgWF%2FbtQ55t1noeF3lnWAR%2B2HxizQwLiJDCe44YGiEICiBneZXjY3OPILuDnFCrOiOQrmXEUIJahnPNcfbEGQMzoXvIhhowjsCrQigDTZiPUz%2FDQo%2BzM6Rr1NJiCMAJykI%2FcjA%2BiSHu8MZJ4UPmwgYBwxo%2BfGLdIhjT3D%2FD6IVwKaQhNbYtD2zo4uNqfPZBTyrcAiw3xwvwSGD7qd0pivGxKdQU1Jk6ToAqZDuQwR0o3H6IlTn1gxumNkNu5OQxjEDfTlFr2IN54BbRK%2BPCvVABZygNQEkwQi1CtfSN8RSUQIYJss7M8dNb%2FBjw%2Fe%2B5fQSuGKAb%2BgBNPCdyR47%2FAcKZ0kB%2Ba1p8rAuah9xM%2B3i03vNxyxpMBLH6DuzQnynv%2FJaMoE4BFLlTf%2F0c%2F3ek6or%2B59Wn%2FjWXn9BzAdk2fAytgX8Ft5uB%2BlOsF6hiadSax59bFIErlxsHONwe94EHyDHEBK5DQBMqeF3C3qcfSljiWNBM5DcMQ0l56t9oAROQnGZmSwbaHeg8zn4GHj33kQtZq%2FWIYvsF6LANVrof6kXUmd9A9x0cGrARUp5X%2BzF2gkV0u9Z10XI%2BhKKGkhtkThhTCzwQ0oQGOczJoZ95Tp55oN4eQCZBUKOgrkEspeDdDgZvB4jXjvbUuPYnjWpxnLZWPrw1pHZHw67sQy1cIUh08Fn6TmcVW%2BcKcvFr8iHkVzFUXnQ%2BQ8jN0AnyPeroXgxVCLQOItarysJF6aFD3UsLsAYoBPsFDAlUAt%2BxW01d%2FDvyMPJDg83QcK5HKKmDTofos%2Fygo9%2BCI3KgujthAoWyTlD4uQElC1wA2Aqe1xgFDm%2BjakF1wap7zT7Its4zhLyOiaDOm%2F4JB40JiSN9L30mdESBDU8DuCD0X1FvQlqycUMBjegUtzq4hX11yNfAPOd36r5bdv1iF00Gi8k9IJx0ddbpcbZYXQwb2up7klh9xoOG2JRv7VvJ87ZwG63ufc3yNO1A8s7UMA%2FGWdRkUyWOA%2BRMS9XaV1G8Gh2YfJmdkrPjbRXdpNm91k2QLF%2BE4sKr5GbjZDZnWEx7VYG7iPKM3A11YlNSl10pGvM1NRkupj7rmhPXoE89jVzkOrWWI9YsWEsWheHqRu2mwWUxI7f0cb4%2F9NKRYhg5lbLXbHm8UIeLN3Zywcx9nfTT3W1QRdTCzAfofO2ul1Qk3K4FNyRDu21MLd6YtMNk46%2BD6bYwxYofD02fNteCQVSr3TVf9IOTc5nFNL3y2nKvOrHWyCx5vbws74e%2BZNPXaNT1B%2BNuoWjt%2B6LrC%2FP7pG9VtuqK0U7YbmxLNg8jNKJQW72N8yQcXMVs6t4JPWaKnbWhju4t24YpN1wW9nl5Jrj8vqEZ0r7FMueKvYvWnVeml2hnfhyc9D1PbCvP8c0uf7%2BcS6XLpeUldXdIoFSaDFRpX4r7TcrIk0WpjYMCMYPUjK15seIZr60hGmRT9ePcG6nBhF3NJuosyBfLTN6QE4YrydPZ4aJ5T14v9kjztNv8Mo5P2hradi2l08H9EvR63sUWN4vZbrXqG%2Fyor5HjZHIsNvqdcD0r1udbeLNhhr1%2BtNNCyi6kfMGXc3%2BmhMIcTJhcilgrd8l6UXAj38u103ikzrpbJVLNcNW2ynPqd%2F2ATJPkrtI7VQyukjj2naEv%2BuFM43rL%2Fl7esaU7sdayJery0A2X41k8OFWn6a6QZGYdKrQnoaLnc5nLzD1pb16947l7UZHqhoOudV3ovWCvpRNfTC9TPmiz3CTmjtSqrKZ3tA7Eks%2B89j04cJvz%2Fca0p6k1iA%2FSpScniHFKVmWG%2FNI0F%2BO56y9H7ft50U%2Brw5WhZLmbDqX2pRwNCpa%2F7Ax1zI%2FoSJ8vd5RBX6RFFis6NVXuh9uFvq2j66E%2FliRCOFvcfBpeJYMjiPORTmOq51f3%2Bfwq3UrxQBx2q0Dh7zNqs1NEbjhxi%2FWGJsngcFta4Xyr892xcrvsN%2FnBpShP7eaD6EoH0%2FG64DZ0dOiR7YkxPfTcU3LvXwe5vpCkzDLZ7LohUrJnM85R3fqiS1uXHnU8LxyHnsxJYxHvdufV%2BTJbzgsNXS5Xz93ttszhoOcLmt9F%2BTDXr5UkHS8LKk%2FYQfdGSDY%2FrcClV4W%2B9PThtRD2210%2F9Gaiu7qg4KbOo%2BX2lo1djzWzssoi%2F36ymRXaaUO%2BXE%2F6lcPwRRRPMopahOc5c1%2FcE%2BPmnNzu%2BMJd9M3OaefcwiGlwLHWy9GgPVwHeSoM%2BUu52J7inJ8t%2B9pAphR5nOxXY43edacbUu31isHuSM12baNvFMd2N1%2Bwuh%2BzzOYStofHg3kqSHmSCPfJJaLoSMpHS9Lkt0PGJv3bVlMmg2px4RnXFjUtHJl6qUTjqWrSJb%2BYL7o2fdwvSugvDiyrc%2Fl%2BvizjvDT75Ay1Y6daKKP2uhgq6gp1i4rqXm5t4Vag1JWHvHFEvmQupXAv8Z7Rv1e7nS5mTLYiI0W%2BEsZltaNWs8zqmndJuTtRlQx2zKatBdZhnKtl6qzjTZHou3VwtQdeuFlCMEeRfaS1jVrKq2TnT%2FaRd7psxuWpaPO2N%2FWQ4C7UVehxdv%2B%2B3Fz6CuHrc26oOMKe2oe8q%2FXgfXyxTLxVOCyl9XlFZrcTv2%2FL5qjtjEd3sS%2FKnmJKbarqS6loDlRqM95oEG%2BjA1cGpdlT%2B2wkLsbTjOkJS6F3TuzZ5Nwrl0Z3xRPJeRL21fEiqKxkNPOWVKjuNnvfoyp3PBhvxxIRuo6pn7ba1RSoNauEyvgKBetekVLbvcVquzJCR3Ruo6G9cLgKSdYwMYSImp%2Fj5coNkqK8GYVs0%2BwmVBi9cAtaWBDXfL0aatdR2J1ooopkdlksxjynlYou%2BGZ7cvSq%2FOIQIxAu0dWloGp9gxZygxXl7vyWsfhbJ2%2F09uX3t%2Bsn%2FJoE1bz%2BLS3qM%2F6%2BzYbXOlhCz9dpEQy0Iim0gKQI8y8s8YUmW8OZgb9SiiNoFfJP0C7E%2BJ0ejrh3P4En%2BDeq6t%2F7MqAXhiLfbI4cK28ugk4q%2BQQvBaXzgQz%2B6gKe5dDDdb08DH5t4S4K3up%2FK%2FLjJ%2BHtD2AsMmBHEZ2juMJdgGXCErhFX6APd51uErm%2FHlDmcEzHN%2BXFqiLUoRtL8Geur73%2B2oWZzOC1o0g7PPIzlfNhhAIR9Jfmaqxz1Ha59tfLlTE6Ugt3hVzwylPKKKNsPRwsV3POXxLL%2FvS8thfBUl%2FrSn8dO4vRZd5bR%2FoFDSxuMukvSTWYrs5L3ZZ7yXq0XCoFpQ9Xqtxfad0DZV%2FEIINAO5DVoXcUBeog0t3yvu06Zc%2FcIba%2F9u%2FSVZ5tBmzPRINoXC0k9bTnFlt93j9X0jTnGWu1m%2FbUtpvthasmXWkvW3IDt0%2F2JkpbliJLRqJ32%2FnLGc0O4ly5iyqVt2VauUgBI193vUEeVxum16sU2ncM2T%2FlmWN01%2Fc9Z15SUbmYB6S3DZTJanbdJVxOFPwxzRXuupbYw6WijTW5U%2B6Mt2Iq42xI3WoYStycXJbZYVn1sltUdrV9TECaz62RgYThaBzJjGdQi%2FEGNs0X16qrKTNhAwrIFIZOWem0lFlmYFcKOUqT3brYqFKynVmUvFwS7uzilKIwuevUYOUqfAiZyEPMyPCpe%2F88Ht%2BE3rYgHI9hbClN9JUo9e73o1JIHBncjaoyEmO6zXla6yU9eyYU16HTXd4kuGxLy2xXL5FQjnv9JEi4yOqtTmM3alM9LtIhEdP7%2B1JljUslbTaWwDCaFE%2BWm3PvirSip7RB2XZG0hNe5bakMd0rypXu39jDLJ6v7cS6xPFgo7Q5%2FaIcTWafznRhnDgmtzYCWnbTbIOq%2FuKkXQ9BtM7VU8HJ9FKNZG8pc6pu%2BgtGI3iHOJfuUkjuEkpc5LhsX3KyKdG1kvPmvF0fKDk3pwNmjKTB%2Bn5ec92Rs14lyWwvDXP1Qq%2BN02wXbNer1S0pT2Rv5vdO3am0MaWlQB%2BDSZm5G4Idzrye5op2hQ6mP6HUYpZewuGuItzhvRQ06Cuvp%2B4u5bRN0t3qsyX0%2FirlF2Tepuc7ospP%2BXC%2FH2yzQ58itTIkl9v5xlSvvC5sF5tyREwi%2BWro%2FcvJJnrySQ4vh7u68UuXEhRuvj24xlVdz5aTxWRAO4MjSTFSUhXldEdCI3poS7Ilk6dblkwnB4U%2BIJoLUCktkKeU56Rry2Eq8yGEzEVYaMN9z6Lu9iQbDr3LIZydh72Y3F%2Buh3IylTQ00nrdtrWcGNvQtY%2FSjrmyYXcX9I7VNhRGiyFLiygf4%2Fwg6WtzsVJZZTce%2FwYZp8IZZ%2BMc1Pp%2FYKrVa9WCYTgFrJDq1HmHl0TUZT8TrX9s4PUlrrLW3Ghxn8lfW7DmmF9bV475Z0tKksBpKHRZmv9Mc61%2FqPUvrrQC%2F%2By0ho51jv%2FZav7XoMszn4nPNE8Rn1l4HzsiaCybQzjnZpAbyc5b8BxjpfkVkez1pmT7RH9R%2BdJS0rp6IldbdTg1Pdktj5nmZueDPpCTHavBm0sWWpPTrMdmy%2Bt8OynZC%2Bkki5tYEZdVSLQlZ792ZodjP%2FMm963v2Uemu6Jnh6QsNZpfo%2FVmchyxbhapZ26iF2vjbF8dP9%2F71mzny9uEHe1ZJux3vYNG9KkgESOVuA1Py3g9m20n6zNdVL%2F99vbH%2FwFy45sR

csrf在返回的response中可以找到,fingerprint记录的是键盘和鼠标的信息,可以固定
加密的只有一个参数password
来看看参数加密的地方在哪里

s.password = m.AES.encrypt(s.password, "mtdp").toString()

AES加密,可以使用Python重写下,但是我们不重写,抓下来这段js试试

典型的webpack打包
这个是典型的webpack打包的

function e(r, t, n) {
        function o(i, f) {
            if (!t[i]) {
                if (!r[i]) {
                    var a = "function" == typeof require && require;
                    if (!f && a)
                        return a(i, !0);
                    if (u)
                        return u(i, !0);
                    var c = new Error("Cannot find module '" + i + "'");
                    throw c.code = "MODULE_NOT_FOUND",
                    c
                }
                var s = t[i] = {
                    exports: {}
                };
                r[i][0].call(s.exports, function(e) {
                    return o(r[i][1][e] || e)
                }, s, s.exports, e, r, t, n)
            }
            return t[i].exports
        }
        for (var u = "function" == typeof require && require, i = 0; i < n.length; i++)
            o(n[i]);
        return o
    }

关键的加密代码:

var f = e("lodash.foreach")
              , u = e("@sso/scripts/formchecker")
              , l = e("@sso/scripts/capture")
              , d = e("@sso/scripts/captcha")
              , h = e("@sso/scripts/zoom")
              , p = e("@sso/scripts/util")
              , m = e("crypto-js")

m = e(“crypto-js”),这个时候已经生成了m对象,后面的代码强制注释掉就可以了

var f = e("lodash.foreach")
             , u = e("@sso/scripts/formchecker")
             , l = e("@sso/scripts/capture")
             , d = e("@sso/scripts/captcha")
             , h = e("@sso/scripts/zoom")
             , p = e("@sso/scripts/util")
             , m = e("crypto-js")
             password = m.AES.encrypt(password, "mtdp").toString()
                   return

舒服!